third_party/sqlite/patches/0002-Fix-Heap-Buffer-Overflow.patch - chromium/src - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Darwin Huang <huangdarwin@chromium.org>
 Date: Wed, 17 Jul 2019 14:52:39 -0700
 Subject: [PATCH 2/8] Fix Heap-Buffer-Overflow

     Backports https://www.sqlite.org/src/info/bd9a47a3a2997bfb

     Bug: 984536, 984475, 984650
 ---
  third_party/sqlite/patched/src/build.c        | 32 +++++++++-------
  .../sqlite/patched/test/without_rowid7.test   | 38 +++++++++++++++++++
  2 files changed, 56 insertions(+), 14 deletions(-)
  create mode 100644 third_party/sqlite/patched/test/without_rowid7.test

 diff --git a/third_party/sqlite/patched/src/build.c b/third_party/sqlite/patched/src/build.c
 index fac735f27002..1e9c16684ed2 100644
 --- a/third_party/sqlite/patched/src/build.c
 +++ b/third_party/sqlite/patched/src/build.c
 @@ -1831,6 +1831,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
    Index *pIdx;
    Index *pPk;
    int nPk;
 +  int nExtra;
    int i, j;
    sqlite3 *db = pParse->db;
    Vdbe *v = pParse->pVdbe;
 @@ -1873,6 +1874,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
                         SQLITE_IDXTYPE_PRIMARYKEY);
      if( db->mallocFailed || pParse->nErr ) return;
      pPk = sqlite3PrimaryKeyIndex(pTab);
 +    assert( pPk->nKeyCol==1 );
    }else{
      pPk = sqlite3PrimaryKeyIndex(pTab);
      assert( pPk!=0 );
 @@ -1887,6 +1889,8 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
          pPk->nColumn--;
        }else{
          testcase( hasColumn(pPk->aiColumn, j, pPk->aiColumn[i]) );
 +        pPk->azColl[j] = pPk->azColl[i];
 +        pPk->aSortOrder[j] = pPk->aSortOrder[i];
          pPk->aiColumn[j++] = pPk->aiColumn[i];
        }
      }
 @@ -1895,7 +1899,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
    assert( pPk!=0 );
    pPk->isCovering = 1;
    if( !db->init.imposterTable ) pPk->uniqNotNull = 1;
 -  nPk = pPk->nKeyCol;
 +  nPk = pPk->nColumn = pPk->nKeyCol;

    /* Bypass the creation of the PRIMARY KEY btree and the sqlite_master
    ** table entry. This is only required if currently generating VDBE
 @@ -1945,21 +1949,21 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){

    /* Add all table columns to the PRIMARY KEY index
    */
 -  if( nPk<pTab->nCol ){
 -    if( resizeIndexObject(db, pPk, pTab->nCol) ) return;
 -    for(i=0, j=nPk; i<pTab->nCol; i++){
 -      if( !hasColumn(pPk->aiColumn, j, i) ){
 -        assert( j<pPk->nColumn );
 -        pPk->aiColumn[j] = i;
 -        pPk->azColl[j] = sqlite3StrBINARY;
 -        j++;
 -      }
 +  nExtra = 0;
 +  for(i=0; i<pTab->nCol; i++){
 +    if( !hasColumn(pPk->aiColumn, nPk, i) ) nExtra++;
 +  }
 +  if( resizeIndexObject(db, pPk, nPk+nExtra) ) return;
 +  for(i=0, j=nPk; i<pTab->nCol; i++){
 +    if( !hasColumn(pPk->aiColumn, j, i) ){
 +      assert( j<pPk->nColumn );
 +      pPk->aiColumn[j] = i;
 +      pPk->azColl[j] = sqlite3StrBINARY;
 +      j++;
      }
 -    assert( pPk->nColumn==j );
 -    assert( pTab->nCol==j );
 -  }else{
 -    pPk->nColumn = pTab->nCol;
    }
 +  assert( pPk->nColumn==j );
 +  assert( pTab->nCol<=j );
    recomputeColumnsNotIndexed(pPk);
  }

 diff --git a/third_party/sqlite/patched/test/without_rowid7.test b/third_party/sqlite/patched/test/without_rowid7.test
 new file mode 100644
 index 000000000000..500f2bd157cd
 --- /dev/null
 +++ b/third_party/sqlite/patched/test/without_rowid7.test
 @@ -0,0 +1,38 @@
 +# 2019 July 17
 +#
 +# The author disclaims copyright to this source code.  In place of
 +# a legal notice, here is a blessing:
 +#
 +#    May you do good and not evil.
 +#    May you find forgiveness for yourself and forgive others.
 +#    May you share freely, never taking more than you give.
 +#
 +#*************************************************************************
 +# This file implements regression tests for SQLite library.
 +#
 +
 +set testdir [file dirname $argv0]
 +source $testdir/tester.tcl
 +set testprefix without_rowid7
 +
 +do_execsql_test 1.0 {
 +  CREATE TABLE t1(a, b COLLATE nocase, PRIMARY KEY(a, a, b)) WITHOUT ROWID;
 +}
 +
 +do_catchsql_test 1.1 {
 +  INSERT INTO t1 VALUES(1, 'one'), (1, 'ONE');
 +} {1 {UNIQUE constraint failed: t1.a, t1.b}}
 +
 +
 +do_execsql_test 2.0 {
 +  CREATE TABLE t2(a, b, PRIMARY KEY(a, a COLLATE nocase, a)) WITHOUT ROWID;
 +}
 +
 +do_execsql_test 2.1 {
 +  INSERT INTO t2 VALUES(1, 'one');
 +  SELECT b FROM t2;
 +} {one}
 +
 +
 +finish_test
 +
 --
 2.20.1 (Apple Git-117)
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Darwin Huang <huangdarwin@chromium.org>
	Date: Wed, 17 Jul 2019 14:52:39 -0700
	Subject: [PATCH 2/8] Fix Heap-Buffer-Overflow

	Backports https://www.sqlite.org/src/info/bd9a47a3a2997bfb

	Bug: 984536, 984475, 984650
	---
	third_party/sqlite/patched/src/build.c \| 32 +++++++++-------
	.../sqlite/patched/test/without_rowid7.test \| 38 +++++++++++++++++++
	2 files changed, 56 insertions(+), 14 deletions(-)
	create mode 100644 third_party/sqlite/patched/test/without_rowid7.test

	diff --git a/third_party/sqlite/patched/src/build.c b/third_party/sqlite/patched/src/build.c
	index fac735f27002..1e9c16684ed2 100644
	--- a/third_party/sqlite/patched/src/build.c
	+++ b/third_party/sqlite/patched/src/build.c
	@@ -1831,6 +1831,7 @@ static void convertToWithoutRowidTable(Parse pParse, Table pTab){
	Index *pIdx;
	Index *pPk;
	int nPk;
	+ int nExtra;
	int i, j;
	sqlite3 *db = pParse->db;
	Vdbe *v = pParse->pVdbe;
	@@ -1873,6 +1874,7 @@ static void convertToWithoutRowidTable(Parse pParse, Table pTab){
	SQLITE_IDXTYPE_PRIMARYKEY);
	if( db->mallocFailed \|\| pParse->nErr ) return;
	pPk = sqlite3PrimaryKeyIndex(pTab);
	+ assert( pPk->nKeyCol==1 );
	}else{
	pPk = sqlite3PrimaryKeyIndex(pTab);
	assert( pPk!=0 );
	@@ -1887,6 +1889,8 @@ static void convertToWithoutRowidTable(Parse pParse, Table pTab){
	pPk->nColumn--;
	}else{
	testcase( hasColumn(pPk->aiColumn, j, pPk->aiColumn[i]) );
	+ pPk->azColl[j] = pPk->azColl[i];
	+ pPk->aSortOrder[j] = pPk->aSortOrder[i];
	pPk->aiColumn[j++] = pPk->aiColumn[i];
	}
	}
	@@ -1895,7 +1899,7 @@ static void convertToWithoutRowidTable(Parse pParse, Table pTab){
	assert( pPk!=0 );
	pPk->isCovering = 1;
	if( !db->init.imposterTable ) pPk->uniqNotNull = 1;
	- nPk = pPk->nKeyCol;
	+ nPk = pPk->nColumn = pPk->nKeyCol;

	/* Bypass the creation of the PRIMARY KEY btree and the sqlite_master
	** table entry. This is only required if currently generating VDBE
	@@ -1945,21 +1949,21 @@ static void convertToWithoutRowidTable(Parse pParse, Table pTab){

	/* Add all table columns to the PRIMARY KEY index
	*/
	- if( nPk<pTab->nCol ){
	- if( resizeIndexObject(db, pPk, pTab->nCol) ) return;
	- for(i=0, j=nPk; i<pTab->nCol; i++){
	- if( !hasColumn(pPk->aiColumn, j, i) ){
	- assert( j<pPk->nColumn );
	- pPk->aiColumn[j] = i;
	- pPk->azColl[j] = sqlite3StrBINARY;
	- j++;
	- }
	+ nExtra = 0;
	+ for(i=0; i<pTab->nCol; i++){
	+ if( !hasColumn(pPk->aiColumn, nPk, i) ) nExtra++;
	+ }
	+ if( resizeIndexObject(db, pPk, nPk+nExtra) ) return;
	+ for(i=0, j=nPk; i<pTab->nCol; i++){
	+ if( !hasColumn(pPk->aiColumn, j, i) ){
	+ assert( j<pPk->nColumn );
	+ pPk->aiColumn[j] = i;
	+ pPk->azColl[j] = sqlite3StrBINARY;
	+ j++;
	}
	- assert( pPk->nColumn==j );
	- assert( pTab->nCol==j );
	- }else{
	- pPk->nColumn = pTab->nCol;
	}
	+ assert( pPk->nColumn==j );
	+ assert( pTab->nCol<=j );
	recomputeColumnsNotIndexed(pPk);
	}

	diff --git a/third_party/sqlite/patched/test/without_rowid7.test b/third_party/sqlite/patched/test/without_rowid7.test
	new file mode 100644
	index 000000000000..500f2bd157cd
	--- /dev/null
	+++ b/third_party/sqlite/patched/test/without_rowid7.test
	@@ -0,0 +1,38 @@
	+# 2019 July 17
	+#
	+# The author disclaims copyright to this source code. In place of
	+# a legal notice, here is a blessing:
	+#
	+# May you do good and not evil.
	+# May you find forgiveness for yourself and forgive others.
	+# May you share freely, never taking more than you give.
	+#
	+#*************************************************************************
	+# This file implements regression tests for SQLite library.
	+#
	+
	+set testdir [file dirname $argv0]
	+source $testdir/tester.tcl
	+set testprefix without_rowid7
	+
	+do_execsql_test 1.0 {
	+ CREATE TABLE t1(a, b COLLATE nocase, PRIMARY KEY(a, a, b)) WITHOUT ROWID;
	+}
	+
	+do_catchsql_test 1.1 {
	+ INSERT INTO t1 VALUES(1, 'one'), (1, 'ONE');
	+} {1 {UNIQUE constraint failed: t1.a, t1.b}}
	+
	+
	+do_execsql_test 2.0 {
	+ CREATE TABLE t2(a, b, PRIMARY KEY(a, a COLLATE nocase, a)) WITHOUT ROWID;
	+}
	+
	+do_execsql_test 2.1 {
	+ INSERT INTO t2 VALUES(1, 'one');
	+ SELECT b FROM t2;
	+} {one}
	+
	+
	+finish_test
	+
	--
	2.20.1 (Apple Git-117)